Vulnerability Note VU#408419
OpenSSH contains a one-off overflow of an array in the channel handling code
OpenSSH is a program used to provide secure connection and communications between client and servers. Channels are used to segregate differing traffic between the client and the server.
OpenSSH versions 2.0 - 3.0.2 contain a one-off overflow of an array in the code that handles channels. For an attack against the server, the attacker must be able to authenticate to the system in order to exploit this vulnerability. For an attack against the client, the client must connect to a malicious server.
An attacker is able to execute arbitrary code with the privileges of the sshd process on the server. The sshd process usually runs as root/superuser. A malicious server is able to execute arbitrary code on the vulnerable client's machine with the privileges of the current user.
Upgrade to OpenSSH version 3.1.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple||Affected||07 Mar 2002||11 Mar 2002|
|BSDI||Affected||07 Mar 2002||08 Mar 2002|
|Caldera||Affected||07 Mar 2002||02 Apr 2002|
|Conectiva||Affected||-||07 Mar 2002|
|Engarde||Affected||07 Mar 2002||07 Mar 2002|
|Hewlett Packard||Affected||07 Mar 2002||27 Mar 2002|
|MandrakeSoft||Affected||07 Mar 2002||07 Mar 2002|
|NETBSD||Affected||07 Mar 2002||13 Mar 2002|
|OpenBSD||Affected||07 Mar 2002||07 Mar 2002|
|OpenPKG||Affected||-||11 Mar 2002|
|OpenSSH||Affected||-||07 Mar 2002|
|Openwall GNU/*/Linux||Affected||-||18 Mar 2002|
|Red Hat||Affected||07 Mar 2002||11 Mar 2002|
|SCO||Affected||07 Mar 2002||13 Mar 2002|
|Sun||Affected||07 Mar 2002||07 Mar 2002|
CVSS Metrics (Learn More)
This vulnerability was discovered by Joost Pol <email@example.com>.
This document was written by Jason Rafail.
- CVE IDs: CAN-2002-0083
- Date Public: 07 Mar 2002
- Date First Published: 07 Mar 2002
- Date Last Updated: 02 Apr 2002
- Severity Metric: 25.65
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.